From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Pablo Neira Ayuso
Subject: [PATCH 5.15 123/244] netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access
Date: Tue, 23 Aug 2022 10:24:42 +0200
Message-Id: <20220823080103.171945337@linuxfoundation.org>
In-Reply-To: <20220823080059.091088642@linuxfoundation.org>
References: <20220823080059.091088642@linuxfoundation.org>

From: Pablo Neira Ayuso

commit 3400278328285a8c2f121904496aff5e7b610a01 upstream.

The generation ID is bumped from the commit path while holding the mutex, however, netlink dump operations rely on RCU.

This patch also adds missing cb->base_eq initialization in nf_tables_dump_set().

Fixes: 38e029f14a97 ("netfilter: nf_tables: set NLM_F_DUMP_INTR if netlink dumping is stale")
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman
--- net/netfilter/nf_tables_api.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -837,7 +837,7 @@ static int nf_tables_dump_tables(struct rcu_read_lock(); nft_net = nft_pernet(net); - cb->seq = nft_net->base_seq; + cb->seq = READ_ONCE(nft_net->base_seq); list_for_each_entry_rcu(table, &nft_net->tables, list) { if (family != NFPROTO_UNSPEC && family != table->family) 
@@ -1626,7 +1626,7 @@ static int nf_tables_dump_chains(struct rcu_read_lock(); nft_net = nft_pernet(net); - cb->seq = nft_net->base_seq; + cb->seq = READ_ONCE(nft_net->base_seq); list_for_each_entry_rcu(table, &nft_net->tables, list) { if (family != NFPROTO_UNSPEC && family != table->family) @@ -3054,7 +3054,7 @@ static int nf_tables_dump_rules(struct s rcu_read_lock(); nft_net = nft_pernet(net); - cb->seq = nft_net->base_seq; + cb->seq = READ_ONCE(nft_net->base_seq); list_for_each_entry_rcu(table, &nft_net->tables, list) { if (family != NFPROTO_UNSPEC && family != table->family) @@ -4036,7 +4036,7 @@ static int nf_tables_dump_sets(struct sk rcu_read_lock(); nft_net = nft_pernet(net); - cb->seq = nft_net->base_seq; + cb->seq = READ_ONCE(nft_net->base_seq); list_for_each_entry_rcu(table, &nft_net->tables, list) { if (ctx->family != NFPROTO_UNSPEC && @@ -4964,6 +4964,8 @@ static int nf_tables_dump_set(struct sk_ rcu_read_lock(); nft_net = nft_pernet(net); + cb->seq = READ_ONCE(nft_net->base_seq); + list_for_each_entry_rcu(table, &nft_net->tables, list) { if (dump_ctx->ctx.family != NFPROTO_UNSPEC && dump_ctx->ctx.family != table->family) @@ -6796,7 +6798,7 @@ static int nf_tables_dump_obj(struct sk_ rcu_read_lock(); nft_net = nft_pernet(net); - cb->seq = nft_net->base_seq; + cb->seq = READ_ONCE(nft_net->base_seq); list_for_each_entry_rcu(table, &nft_net->tables, list) { if (family != NFPROTO_UNSPEC && family != table->family) @@ -7728,7 +7730,7 @@ static int nf_tables_dump_flowtable(stru rcu_read_lock(); nft_net = nft_pernet(net); - cb->seq = nft_net->base_seq; + cb->seq = READ_ONCE(nft_net->base_seq); list_for_each_entry_rcu(table, &nft_net->tables, list) { if (family != NFPROTO_UNSPEC && family != table->family) @@ -8612,6 +8614,7 @@ static int nf_tables_commit(struct net * struct nft_trans_elem *te; struct nft_chain *chain; struct nft_table *table; + unsigned int base_seq; LIST_HEAD(adl); int err; 
@@ -8661,9 +8664,12 @@ static int nf_tables_commit(struct net * * Bump generation counter, invalidate any dump in progress. * Cannot fail after this point. */ - while (++nft_net->base_seq == 0) + base_seq = READ_ONCE(nft_net->base_seq); + while (++base_seq == 0) ; + WRITE_ONCE(nft_net->base_seq, base_seq); + /* step 3. Start new generation, rules_gen_X now in use. */ net->nft.gencursor = nft_gencursor_next(net);
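
Review bot: the line `cb->seq = READ_ONCE(nft_net->base_seq);` is now open-coded in seven dump callbacks (nf_tables_dump_tables, nf_tables_dump_chains, nf_tables_dump_rules, nf_tables_dump_sets, nf_tables_dump_set, nf_tables_dump_obj and nf_tables_dump_flowtable), each time directly after `nft_net = nft_pernet(net);`. That nf_tables_dump_set() had no such assignment until this patch shows how easily one copy gets missed. A small static helper that takes cb and nft_net and performs the annotated load would keep the READ_ONCE() in one place and make a missing call easier to spot in the next dump callback that is added.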
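
Review bot: the changelog names the field initialized in nf_tables_dump_set() as `cb->base_eq`, but the hunk at @@ -4964,6 +4964,8 assigns `cb->seq`; the description should say `cb->seq` so it matches the code. This hunk also differs in kind from the others: they annotate an existing load, while this one adds an assignment that was not there before. Splitting it into its own patch with its own Fixes: tag would make the behavioural change easier to bisect and to backport independently of the annotations.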
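
Review bot: in nf_tables_commit() (hunk @@ -8661,9 +8664,12) the sequence `base_seq = READ_ONCE(nft_net->base_seq);`, increment, `WRITE_ONCE(nft_net->base_seq, base_seq);` is a read-modify-write that is only safe because writers are serialized by the mutex the changelog mentions, and nothing in the code says so. Extend the existing "Bump generation counter" comment to state that the commit mutex is held at this point and that the store pairs with the READ_ONCE() in the dump callbacks. The bare `;` body of `while (++base_seq == 0)` is also easy to misread; a short comment saying why 0 is skipped on wrap would help the next reader.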